[joosters]

When scanning through the list of CAs on my machine, so many of them sound like unknown entities who I have no idea whether or not to trust. So it's difficult deciding whether I should remove any of them or not.

What would really help in this would be to know if any of these CAs have signed certificates for popular websites. Rightly or wrongly, I'd trust a CA who has certificates in active use by many sites over an obscure foreign (or not?) government CA who doesn't seem to sign any certificates that I'd normally interact with. After all, if suddenly one day ycombinator.com's site appears to be now signed by an obscure CA, I should probably be worried.

So, is there any way to map a given CA to the subset of the top 1000/10000/whatever number of websites that have certificates signed by it? Surely some webcrawlers must have indexed a large number of site certificates and have the data to build such a database.

[jakobegger]

Maybe Google's certificate transparency is what you are looking for? http://www.certificate-transparency.org

A more practical approach: Disable all root certificates, then enable them one by one as you are getting browser warnings.

[dletozeun]

Thank you, I was looking for this.

However, in any case, there are already so many CAs, that I am wondering what is preventing governments of forcing one of them to provide a fake certificate that suits their needs for national security reasons...

[mike_hearn]

What "stops" them (to the extent that anything stops a government that is ignoring their own laws) is that the agreements CAs sign with browser/OS makers don't have any provision for issuing fake certs just because a government requested it or compromised the key.

That means if anyone found evidence that a CA was issuing bogus certs (such as one of those certs), that CA would be revoked and bankruptcy would follow soon after. The fact that they were just obeying a court order wouldn't be considered relevant by the browser makers, especially if it's an obscure and little used one.

There are other forms of punishment beyond outright revocation. A CA owned by the French government did something bad at some point (I forgot what), and instead of total revocation they were name constrained to .fr

But basically, forcing CAs to co-operate with you against the contracts they've signed is a very limited strategy. Most governments outside the US government can only do it once or twice before there are no more CAs left in their jurisdiction. Not to mention the legal mess that would result from a company beyond forced to commit suicide to help an intercept operation.

[yuhong]

ANSSI if I remember correctly, and one of their intermediate CAs issued an intermediate that was installed in a MITM device. They seems to be phasing out the root now BTW.

[joosters]

There's not much to protect against that. But looking for 'perfect' CA protection is hopeless. At least by eliminating the more untrustworthy CAs you can protect against some attacks.

[itistoday2]

Certificate Transparency does little to solve this problem. It doesn't stop MITM attacks. It might have a chance of helping a small number of companies that have the resources to monitor all logs, but that's after the attack and only if all relevant CAs are participating in the system. It gives ordinary users nothing and requires sysadmins to go to extreme lengths. Most websites are unlikely to benefit:

https://blog.okturtles.com/2014/09/the-trouble-with-certific...

We've been working very hard on an alternative proposal that prevents MITM attacks called DNSChain, and we keep a running comparison of it with other proposals folks have made here:

https://github.com/okTurtles/dnschain/blob/master/docs/Compa...

[icebraining]

http://w3techs.com/technologies/overview/ssl_certificate/all

[joosters]

Awesome, thank you!